Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
10081A1210 from the monitor of a computer screen. Tempest can capture the signals through the walls of computer screens and keystrokes of keyboard even if the computer is not connected to a network. Thus the traditional way of hacking has a little advantage in spying.
emission
Compromising emanations are defined as unintentional intelligence-bearing signals which, if intercepted and analyzed, information may disclose the
transmitted,
received,
equipment.TEMPEST is a code word that relates to specific standards used to reduce electromagnetic emanations. In the civilian world, you'll often hear about TEMPEST devices (a receiver and antenna used to monitor
eavesdrop on someone). While not quite to government naming specs, the concept is still the same. Echelon is the technology for sniffing through the messages sent over a network or any transmission media, even it is wireless messages. Tempest is the technology for intercepting the electromagnetic waves over the air. It simply sniffs through the electromagnetic waves propagated from any device, even it is
1 SHADAN COLLEGE OF ENG & TECH
10081A1210 method of Tempest and Carnivores behind. Echelon is the technology for sniffing through the messages sent over a network or any transmission
CHAPTER 1 INTRODUCTION
September11 attack of Terrorists in New York. In the novel 1984, George Orwell foretold a future where individuals had no expectation of privacy because the state monopolized the technology of spying. Now the National security
intercepting the electromagnetic waves over the air.It simply sniffs through the electromagnetic waves propagated
from any devices, even it is from the monitor of a computer screen. Tempest can capture the signals through the walls of computer of key screens board and even
Agency Of USA developed a secret project to spy on people for keep tracing their messages to make technology enabled interception to find out the terrorist activities across the globe, named as Echelon. Leaving the
keystrokes
thecomputer is not connected to a network. Thus the traditional way of hacking has a little advantage in spying. For the common people it is so hard to believe that their monitor can be reproduced from anywhere in one kilometer range without any
project Developed by NSA (National Security Agency of USA) and its allies is tracing every single transmission even a single of keyboard. The allies of USA in this project are UK, Australia, New Zealand and Canada. Echelon is
transmission media in between the equipment and their computer. So we have to believe the technology enabled us to reproduce anything from a monitor of computer to the Hard Disks including the Memory (RAM) of a distant computer without any physical or visual contact. It is done with the
developed with the highest computing power of computers connected through the satellites all over the world. In this project the NSA left the wonderful
TEMPEST AND ECHELON Electromagnetic waves propagated from that device. The main theory behind the Tempest(Transient Electromagnetic
for this.
messages by the technology named as the Tempest and also with the
Carnivore. Every packet is sniffed for spying for the USAs NSA for security reasons.Interception of communications is a method of spying commonly employed by intelligence services, For an intelligence agency they are make use of the spies for the secret services for government to provide the security of government and the people. So they can use any methods to ensure the security of people including spying, it is not guilt. It depends on the target we are aiming. To capture the terrorists before they can make any harm to people, we must keep the technology ahead. We, Engineers are behind that project of NSA and so we have to aware of that technology for enabling our INDIA also in this field. Because it is used mainly by the security agencies and spies all over the world even though there is a lack of equipments for this purpose. Equipments for Tempest
Pulse Emanation Standard.) is that any electronic or electrical devices emit Electromagnetic radiations of specific key when it is operated. For example the picture tube of computer monitor emits radiations when it is scanned up on vertical of horizontal range beyond the screen. It will not cause any harm to a human and it is very small. But it has a specific frequency range. You can reproduce that electromagnetic waves by tracing with the powerful equipments and the powerful filtering methods to correct the errors while transmission equipment.Actually electromagnetic waves are from the this not
necessary for a human being because it not coming from a transmitter, but we have a receiver to trace the waves. For the project
named as Echelon the NSA is using supercomputers for sniffing through the packets and any messages send as the electromagnetic waves. They are using the advantage of Distributed computing
spying is available in USA and is prohibited of exporting from there. Some smuggled equipments may be here. But we have to develop the systems for our Military and
3
TEMPEST AND ECHELON Intelligence Agencies for ensuring the best securityforourpeople.
10081A1210
10081A1210 system.While developing this we have to consider about the privacy of common America domestic American the regular discovery targeted reasons of at of
communications is a method of spying commonly employed by intelligence services, whereas there can now be no doubt that the purpose of the system is to intercept, at the very least, private and commercial communications, and not military communications, although the analysis carried out in the report has revealed that the technical capabilities of the system are probably not nearly as extensive as some section of the media had assumed.
unpopular political affiliation or for no probable cause at all in violation of the First, Fourth and Fifth Amendments of the Constitution of America are
privilege claims by the intelligence agencies and the US government. The guardians and caretakers of their
liberties, their duly elected political representatives, give scarce attention to these activities, let alone the abuses that occur under their watch. The other ECHELON targets are political spying and industrial espionage. The existence and expansion of ECHELON is a foreboding omen regarding the future of our Constitutional liberties. If a
government agency can willingly violate the most basic components of the Bill of Rights without so much as Congressional oversight and approval, we have reverted from a republican form of government to tyranny.While considering about the political spying we have to consider many legal issues. It consists of spying the other parties and the messages sent
5
TEMPEST AND ECHELON by them. Since the close of World War II, the US intelligence agencies have developed a consistent record of
10081A1210 These signals are fed through the massive supercomputers of the NSA to look for certain keywords called the ECHELON dictionaries.For these
trampling the rights and liberties of the American people. Even after
above reasons our country INDIA must be enabled to cop with the new interception system. For that we,
theinvestigations into the domestic and political surveillance activities of the agencies that followed in the wake of the Watergate fiasco, the NSA continues to target the political activity of unpopular political groups and our duly elected representatives.While the Industrial
engineers must do the work other wise our country will also become vulnerable to any attacks from the other states. For that reason i am presenting this seminar
considering
about
Espionage we have to discuss we have to redefine the notion of National Security to include economic, commercial and corporate concerns. Many of the major companies helped NSA to develop the ECHELON system to tackle the .
mammoth task for setting up the largest computing power throughout the world. ECHELON is actually a vast network of electronic spy stations located around the world and maintained by five countries: the US, England, Canada, Australia, and New Zealand. These countries, bound together in a still-secret agreement called UKUSA, spy on each others citizens by intercepting and gathering electronic signals of almost every telephone call, fax transmission and email message transmitted around the world daily.
10081A1210 and, environmental conditions related to physical security and ambient noise "compromising emanations" rather than
"radiation"
is
used
because
the
compromising signals can, and do, exist in several forms such as magnetic and/or electric field radiation, line conduction, (signal and power) or acoustic the
emanations
Compromising emanations aredefined as unintentiorial intelligence-bearing signals which, if intercepted and analyzed,
specifically,
1. Electromagnetic fields set free by elements of the plaintext processing equipment or its associated conductors. 2. Text-related signals coupled to cipher, power, signal, control or other BLACK lines through (a) common circuit elements such as grounds and power supplies or (b) inductive and capacitive coupling 3. Propagation of sound waves from mechanical or electromechanical devices. 4. The TEMPEST problem is not one which is confined to cryptographic devices; it is a system problem and is of concern for all equipment which process plaintext national security data.
acoustical energy unintentionally emitted by any of a great number of sources within equipment/systems which process national security information. This energy may relate to the original message, or information being processed, in such a way that it can lead to recovery of the plaintext. Laboratory and field tests have established that such CE can be
propagated through space and along nearby conductors. ranges The and
interception/propagation
analysis of such emanations are affected by a variety of factors, e.g., the functional design of the information processing equipment; system/equipment installation;
7 SHADAN COLLEGE OF ENG & TECH
10081A1210
emanations.RED Base band Signals -The most easily recognized CE is the RED baseband signal in attenuated but otherwise unaltered form, since it is essentially identical to the RED base band signal itself. This emanation can be introduced into electrical conductors
electromagnetic energy. Examples are switching transistors, oscillators. Signal generators, synchronizers, line drivers, and line relays. 2) Incidental Sources - Incidental sources are those which are not designed for the specific purpose of generating
connected to circuits (within an EUT) which have an impedance or a power source in common with circuits
processing RED baseband signals. It can be introduced into an escape medium by capacitive or inductive coupling, and especially by radiation with RED
baseband signals of higher frequencies or data rates. Modulated Spurious Carriers -This type of CE is generated as the modulation of a carrier by RED data. The carrier may be a parasitic oscillation generated in the equipment, i.e., the chopper frequency of a power supply, etc. The carrier is usually amplitude or anglemodulated by the basic RED data signal. or a signal related to the basic RED data
8
TEMPEST AND ECHELON signal, which is then radiated into space or coupled into EUT external conductors. See Figure below for time and frequency domain representations.
10081A1210
10081A1210
Impulsive
Emanations
--
Impulsive emanations are quite common in Equipment under Tests processing digital signal, and are caused by very fast mark-to-space and space-to-mark
transitions of digital signals. Impulsive emanations can be radiated into space or coupled into Equipment under Test external conductors. See Figure 2 below for the time and frequency domain representations. Other Types of Emanations -Most CE resembles one of the types mentioned thus far. There are, however, other possible types of CE which are caused by various linear and nonlinear operations occurring in informationprocessing equipments and systems. Such CE cannot easily be categorized. In practice, these emanations often exhibit features which can frequently be related to one of the three types discussed.
3.4Technology TEMPEST:
TEMPEST
behind
uses
the
the
intentionally or non intentionally. For receiving the texts or data at the other end we have to screw up to a specific frequency range and just listen or replicate the data at the other end. Tempest is the technology, which can reproduce what you are seeing in your monitor, what you are typing in your keyboard from a couple of kilometres away. It traces all electromagnetic radiation from the victims monitor, keyboard, even pc memory and hard disk, and then it reproduces the signals. By using this technology it is possible to intrude (only listening) in to a persons computer from a couple of kilometres away, even it is a computer which is not Networked and
enables the intruder to hack without any connection to the victims computer.
10081A1210
execute known algorithms. Even if signals caused by single instructions are lost in the noise, correlation techniques can be used to spot the execution of a known pattern of instructions. Bovenlander
electromagnetic radiation it transmits. This can be used for both attack and defence. To attack a system, malicious code can encode stolen information in the machine's RF emissions and optimize them for some combination of reception range, receiver cost and covertness. To defend a system, a trusted screen driver can display sensitive information using fonts which minimize the energy of these emissions.When computers averaging snooping similar in to a VDU, and periodic
reports identifying when a smartcard performs a DES encryption by monitoring its power consumption for a pattern repeated sixteen times. Several attacks become possible if one can detect in the power consumption that the smartcard processor is encode stolen information in the machine's RF emissions and optimize them for some combination of reception range, receiver cost and covertness. To defend a system, a trusted screen driver can display sensitive information using fonts which minimize the energy of these emissions.When computers snooping VDU, in to a similar
cross-correlation
techniques can be used if the signal is periodic or if its structure is understood. Video display units output their frame buffer content periodically to a monitor and are therefore a target, especially where the video signal is amplified to several hundred volts. Knowledge of the fonts used with video displays and printers allows maximum likelihood
periodicaveraging and cross-correlation techniques can be used if the signal is periodic or if its structure is understood. Video display units output their frame buffer content periodically to a monitor and are therefore a target, especially where the video signal is amplified to several hundred volts. Knowledge of the fonts used with video displays and
characters than is possible for individual pixels. Similar techniques can be applied when snooping on CPUs that
printers
allows
maximum
likelihood
11
10081A1210
ground; these are excited by the highfrequency components in the edges of the data signal, and the resulting short HF oscillations emit electromagnetic waves. It
characters than is possible for individual pixels. Similar techniques can be applied when snooping on CPUs that execute known algorithms. Even if signals caused by single instructions are lost in the noise, correlation techniques can be used to spot the execution of a known pattern of instructions. Bovenlander reports
has
also
been
suggested
that
an
eavesdropper standing near an automatic teller machine equipped with fairly simple radio equipment could pick up both magnetic stripe and PIN data, because card readers and keypads are typically connected to the CPU using serial links. A related risk is cross-talk between cables that run in parallel. For instance, the reconstruction of network data from telephone lines has been demonstrated where the phone cable ran parallel to the network cable for only two metres. Amateur radio operators in the
identifying when a smartcard performs a DES encryption by monitoring its power consumption for a pattern repeated sixteen times. Several attacks become possible if one can detect in the power consumption that the smartcard processor is about to write into EEPROM. For example, one can try a PIN, deduce that it was incorrect from the power consumption,and issue a reset before the non-volatile PIN retry counter is updated. In this way, the PIN retry limit may be defeated.Smulders showed that even
neighbourhood of a 10BASE-T network are well aware of the radio interference that twisted-pair Ethernet traffic causes in the short-wave bands. Laptop owners frequently hear radio interference on nearby FMradio receivers, especially during operations such as window
shielded RS-232 cables can often be eavesdropped at a distance. Connection cables form resonant circuits consisting of the induction of the cable and the capacitance between the device and
scrolling that cause bursts of system bus activity. A Virus could use this effect to broadcast data. Compromising emanations are not only caused directly by signal lines acting as parasitic antennas. Power and
12
10081A1210
ground connections can also leak high frequency information. Data line drivers cancause low- frequency variations in the power supply voltage, which in turn cause frequency shifts in the clock; the data signal is thus frequency modulated in the emitted RFI. Yet another risk comes from `active' attacks, and affect in which dataexternally parasitic dependent applied
student's Tempest spying kit is more likely to be just a radio receiver connected to an audio cassette recorder. In order to get a computer VDU to produce audible tones on our radio, we have to design a screen image that causes the VDU beam current to approximate a broadcast AM radio signal. If this latter has a carrier frequency fc and an audio tone with a frequency ft, then it can be represented as the timing of a digital video display system is first of all characterised by The pixel clock
modulators resonators
electromagnetic radiation: an attacker who knows the resonant frequency of (say) a PC's keyboard cable can irradiate it with this frequency and then detect key-press codes in the retransmitted signal thanks to theimpedance changes they cause. In general, transistors are non- linear and may modulate any signals that are picked up and retransmitted by a line to which they are connected. This effect is well known in the counterintelligence junction
frequency fp, which is the reciprocal of the time, in which the electron beam in the CRT travels from the centre of one pixel to the centre of its right neighbour. The pixel clock is an integer multiple of both the horizontal and vertical deflection frequencies, that is the rate fh = fp/xt with which lines are drawn and the rate fv = fh/yt with which complete frames are built on the screen. Here, xt and yt are thetotal width and height of the pixel field that we would get if the electron beam needed no time to jump back to the start of the line or frame. However the displayed image on the screen is only xd pixels wide and yd
13
community,
where`nonlinear
detectors' are used to locate radio microphones equipment. Short wave attacks:-If one wants to spy to a computer, then an important design criterion is the cost of the receiver. While intelligence services may already possess phased array antennas and software
SHADAN COLLEGE OF ENG & TECH
and
other
unauthorised
10081A1210
pixels high as the time allocated to the remaining xtyt - xdyd virtual pixels is used to bring the electron beam back to the other side of the screen. Attack software can read these parameters directly from the video controller chip, or find them in
R is in between 0 and1 is a uniformly distributed random number that spreads the quantization noise (dithering) for screen contents generated this way to broadcast an AM tone.
configuration files. For instance, on the ones Linux Workstation, a line of the formModeLine "1152x900" 95 1152 1152 1192 1472 900 900 931 939in the X Window System server configuration file /usr/lib/X11/XF86Config indicates that the parameters fp = 95 MHz, xd = 1152, yd = 900, xt = 1472 and yt = 939 are used on this system, which leads to deflection frequencies of fh = 64.5 kHz and fv = 68.7 Hz. If we de_ne t = 0 to be the time when the beam is in the centre of the upper left corner pixel (x = 0, y = 0), then the electron beam will be in the centre of the pixel (x,y) at time.For all 0 _ x < xd, 0 _ y < yd and n 2 IN. Using the above formula with the frame counter n = 0, we can now calculate a time t for every pixel (x,y) and set this pixel to an 8-bit greyscale value of [255/2+S(t)+R]with amplitudes, A = 255/4 and m = 1, where
14 SHADAN COLLEGE OF ENG & TECH
10081A1210 network formed by NSA and its allies all over the world to intercept the messages sent through any transmission media. It plays a major role in the intelligence related work of the NSA and its allies. It uses the largest computing power of distributed systems. It uses search
algorithms and sophisticated softwares like speech recognition and OCR software.Even though we discussed about the advantages of the Echelon and Tempest there is some major
methods for surveillance and spying from its own people and from its enemies. Here the scientists in the NSA developed the modern
disadvantages for these systems. These systems are GOD-LIKE and nothing can be hidden from the Echelon system. But the Echelon system will not provide any secrecy for the common people. It will only preserve the states policies. This will cause the leaking of the sensitive data of the industries and it will cause harm to that companies. And again the Tempest equipments are available in USA and is
techniques for finding the interception of messages. And they developed a network known as the Echelon
System. It made them to leap ahead of the hackers in one step. The main topics discussed here is Tempest and Echelon. Tempest is the technology for spying from electronic equipments with out any physical contact. It is the wonderful technology which people ever
prohibited of exporting from there, and thus if some terrorists got these Tempest equipments then it will cause harm to our industries and society. But many of the corporate firms are protecting their
experienced. It enables us to replicate the data on an electronic equipment from a couple of kilometres away. We can replicate the computer monitor and Hard disk (or even Memory) of computer system by this way.Echelon is the vast
companies from the Tempest attacks by use of software and equipments to prevent the Tempest attacks.
TEMPEST AND ECHELON Discussing about the future scope of Tempest and Echelon, we can say that these can be used to empower our intelligence agencies to do their job better than before. Unfortunately our India does not have a Tempest equipment developed yet. But we have to take care of the foreign intelligence agencies stealing our military data and the diplomatic data. We have to take the counter measures to protect our secret data from them. And we are not a part of Echelon network developed by NSA, so we have to develop one such for empowering our intelligence agencies and military agencies
10081A1210
10081A1210
http://www.eskimo.com/~joe lm/tempest.html
http://actionamerica.org/eche lon/echelonwhat.html
http://cryptome.org/echelon2 -arch.htm
http://actionamerica.org/eche lon/echelonwork.html
http://www.akdart.com/carni v.html
http://cryptome.org/nacsim5000.htm
10081A1210